This invention relates generally to methods and systems for backing up computer data in computer systems, and more particularly to the authentication of client computers for installation of backup software and the backup of the clients.
Computer systems store data that is unique and often critical, and, if lost, would frequently be expensive, difficult or impossible to replace. The data is normally stored on hard disks or other storage devices which are subject to the possibility of failure. Additionally, data may also be lost by theft, fire or other disaster, and frequently the data lost is permanent. Accordingly, backup methods and systems have been developed to maintain controlled redundancy of data to enable data to be recovered in the event of a disaster and to avoid or minimize the loss of the data.
Backup systems copy source data from a computer source storage volume to backup media so that if the original source data is lost, it may be restored from the backup copy. Since data in a computer system is continuously being created or modified, it is important that backup be performed frequently to ensure that the backup copy of the data is current. Most backup in large systems is batch-oriented and performed at predetermined times during a backup window, such as at night when the computer system is not being used for normal processing operations. In computer systems having a plurality of interconnected computers, such as a network, one computer, referred to as a backup computer or a backup server, may manage the backup process and copy source data from the other interconnected computers on the network, referred to as backup client computers or simply as “clients”, to backup media. The backup server executes a backup software application that manages the backup process, and the client computers execute client backup applications that cooperate with the backup server application and read source data from source volumes and forward the data to the backup server for backup.
Generally, a system administrator must install the client backup software application on each client machine and assign an access password to the machine. Passwords are necessary to authenticate clients, and used to ensure that an unauthorized or another copy of backup server software does not obtain access to the client's data. The access passwords must then be logged into the backup server so that the backup server can subsequently access the clients for backup. In enterprises having many different clients, it is a time-consuming and burdensome process to install the client backup software application on each client machine, assign a password, and then log the password for the client machine with the backup server. The administrator must physically go to each client machine to manually install the client software and to log each password with the backup server. Automated tools exist that enable an administrator to “push install” new programs on a machine connected to a network. Examples are Microsoft's SMS Server or SSH push installation protocols. However, these are designed to install uniform software on multiple computers, and do not resolve difficulties such as distributing unique passwords or other security credentials to multiple machines. Moreover, in large enterprises, new clients are continually being added to the network, and this imposes a continuing burden on administrators of repeating the backup software installation process for each new machine.
In addition to installing client backup software onto a client computer, the client computer must be logged into a backup database of the backup server in order to be backed up. This involves authentication and is also typically a manual process. The user must enter a password and certain information, such as encryption keys, that enable the backup server to communicate securely with the client computer to login and add it to the backup database. Adding new clients to a backup database imposes a further burden on systems administrators.
Another backup problem faced by some is ensuring that clients that connect to a network infrequently or that may have never connected to the network are properly backed up. Large enterprises, for example, may have a number of geographically separated sites, each having its own local area network (“LAN”) connected to the enterprise wide area network (“WAN”), and each LAN having its own local backup server for backing up clients on that LAN. Frequently, mobile clients, such as laptop computers, may travel between the different sites, and connect to local LANs. In such situations, there is no way to automatically authenticate a mobile client on the local site's LAN, since the mobile client's password is on the client's home network backup server. Thus, the mobile client does not get backed up during the local site's backup session, unless a systems administrator manually sets up the visiting client on the backup system.
It is desirable to provide backup systems and methods which avoid the foregoing and other problems of known backup approaches by facilitating the installation of client backup software and authentication of clients. It is to these ends that the present invention is directed.